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DETAILED ACTION 

Response to Arguments 

Applicant's arguments filed 7/06/09 have been fully considered but they are not 
persuasive. 

The remarks filed July 9, 2009 recognize that 3GPP discloses a method for a 
user to establish a security association with an application server, wherein the user has 
completed a mutual authentication with a bootstrapping server function (BSF) that 
performs user identity verification in a generic authentication architecture in his home 
network and obtained a bootstrapping-transaction Identifier (B-TID) assigned to him by 
the BSF (section 4.2.1 , 4.2.2, 4.3.7, figures 3, 5) 

However, the remarks assert that the secondary reference used in a 35 U.S.C 
103 Rejection failed to teach missing components. The examiner asserts the that the 
secondary reference teaches how to establish security associations with the application 
server when a user is roaming in a visited network. 

The primary reference further discloses the bootstrapping function needs to be 
trusted by the home operator to handle authentication vectors; and further that the 
architecture shall not preclude the support of network application function in the visited 
network, or possibly even in a third network and that to the extent possible and existing 
protocols and infrastructure should be reused (section 4.3). The secondary reference 
has been used to provide further proof that such a network application function in a 
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visited network does exist. Faccin et al. (WO 2003-02-20) discloses how to establish 
security associations with the application server when a user is roaming. The remarks 
filed allege within the reference of Faccin "the message from the Mobile Node includes 
its identity" and that the identity is different from the B-TID or (bootstrapping transaction 
identifier). The examiner maintains this is not entirely the case and it appears a key 
element to the claimed reference passage (page 6, lines 16-23) was overlooked. In 
actuality the (page 6, lines 16-23) point outs out what is sent is in fact the identity and 
indications of the security associations ( i.e. obviously a transaction identifier). It should 
be noted that 3GPP (primary reference) in which the applicant has agreed covers the 
teaching of a Transaction Identifier supports this position see (see section 4.3.7) which 
further defines a transaction identifier as a key identifier (i.e. integrity key "IK"). The 
secondary reference clearly discloses the use of the integrity key (IK) and discloses 
"these message exchanges. ...established security association between the ..Visited GW 
and the Home GW". From this it would be obvious to one of ordinary skill in the art the 
same concept and actual parameters are being utilized wherein the only difference can 
be seen in the claim 1's utilization of broader language. 

Considering the primary reference already teaches the indistinctness of the 
network application function in a visited network vs. a home network it is obvious that 
the visiting network security function as taught by Faccin in greater completeness could 
be combined . 
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Additionally the remarks allege Faccin does not disclose (in page 9 lines 24-25) 
the feature "obtaining, by the application server in the visited network, the roaming 
user's user information comprising the user authentication results of the generic 
authentication architecture in the roaming user's home network, wherein the user 
information is associated with the B-TID". 

The examiner differs with this interpretation and contends the authentication 
results are obtained by the visited network. In fact, this is the subject matter of the entire 
publication by Faccin. Nevertheless, Faccin does disclose authentication results are 
obtained by the visited network in (fig. 2, fig. 3 and fig. 4). In fig 3 and 4 see the SA 
Negotiation and "FINAL RESULTS" directed toward V-GW. Furthermore, page 10 
(middle of page) establishes the security association is established between the Visited 
GW 320 and the Home GW 240. 

Additionally the remarks argue "the method of establishing the security 
association is completely different form the establishment in claim 1". Again the 
examiner differs with this interpretation. Claim 1 contains language such as 
"authentication results of the generic authentication architecture". What is this "generic 
authentication architecture"? Doesn't the word "generic" indicate any kind that can 
perform the same function? Such as, for example, a "Generic Medicine". One of 
ordinary skill in the art could take this to mean or contain a variety of specific server 
elements such as a Subscriber database/Authentication Center. Without further 
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explanation of the meaning of generic authentication architecture it can easily be seen 
how claim 1 appears to be written in broad terminology while the secondary reference 
Faccin appears to be more exacting in terminology and explanation. Therefore, Faccin 
does disclose the feature "establishing a security association with the roaming user (see 
fig. 2) by the application server in the visited network (see V-GW in figs. 2-3), according 
to user authentication results (see results in fig. 3-4v) of the generic authentication 
architecture in the roaming users home network" (see page 10 and figs. 2-4). 

In closing, without adjustment to the written description and subsequently the 
claims to differentiate over the prior art the examiner sees the combination of 3GPP and 
Faccin as currently meeting the limitations as presented and that the rejection should be 
sustained for all claims. 

Claim Status 

1. Claims 1- 15 are pending. 

Priority 

2. Receipt is acknowledged of papers submitted under 35 U.S.C. 1 1 9(a)-(d), which 
papers have been placed of record in the file. 
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Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1 , 148 
USPQ 459 (1966), that are applied for establishing a background for determining 
obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 

5 . Claims 1 -1 5 are rejected under 35 U.S.C. 1 03(a) as being unpatentable over 
3GPP TS 33.220 v6.0.0 (2004-03) 3 rd Generation Partnership Project; Technical 
Specification Group Services and System Aspects; Generic Authentication Architecture 
(GAA); Generic Bootstrapping architecture (Release 6) 22 March 2004, pages 1-18 
(XP002422872) {herein after referred to as 3GPP} in view of Faccin et al. (WO 2003- 
02-20) 



In regards to claim 1, 3GPP discloses a method for a user to establish a 
security association with an application server, wherein the user has completed a 
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mutual authentication with a Bootstrapping Server Function (BSF) that performs user 
identity initial verification in a generic authentication architecture in his home network, 
and obtained a Bootstrapping-Transaction Identifier (B-TID) assigned to him by the BSF 
(sections 4.2.1 ,4.2.2, 4.3.7, figures 3, 5). 3GPP further discloses receiving a service 
request message, by the application server from the user containing the B-TID (sections 
4.2.1,4.2.2, 4.3.7, figures 3, 5). Obtaining, by the application user's information 
comprising the user authentication results of the generic authentication architecture 
wherein the user information is associated with the B-TID (sections 4.2.1,4.2.2, 4.3.7, 
figures 3, 5); and Establishing a security association with the user, by the application 
server in the network, according to the user authentication results of the generic 
authentication architecture (section 4.5.3, Fig. 3 and Fig. 5). 

3GPP does not disclose that when the user roams in a visited network, after 
receiving a service request from the roaming user, the application server in the visited 
network establishes a security association with the roaming user after getting the user's 
information from the roaming user's home network. The problem to be solved by the 
present invention may therefore be regarded as how to establish security associations 
with the application server when a user is roaming in a visited network. 

3GPP only does not specifically disclose the roaming or visiting server element in 
the following: receiving a service request message, by the application server in the 
visited network, from the roaming user containing the B-TID. 
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Obtaining, by the application server in the visited network, the roaming user's 
user information comprising the user authentication results of the generic authentication 
architecture in the roaming user's home network; and 

Establishing a security association with the roaming, user by the application 
server in the visited network, according to the user authentication results of the generic 
authentication architecture in the roaming user's home network. 

Faccin has already disclosed a feature employed for the same purpose wherein 
an application server in the visited network contacts the roaming user's home network in 
order to establish a security association, (page 3, line 15-page 4, line 1 ;page 6, lines 
1 6-23; page 8, lines 1 3-20; page 1 0, line 9-page 1 1 , line 1 ; figure 2;claim 4). 

With the help of Faccin certain elements not explicitly disclosed by 3GPP 
relating to visiting or roaming elements become obvious: Faccin discloses; 

receiving a service request message, by the application server in the visited 
network, from the roaming user containing the B-TID . (page 3, line 15-page 4, line 1 
;page 6, lines 1 6-23; page 8, lines 1 3-20; page 1 0, line 9-page 1 1 , line 1 ; figure 2;claim 
4). 

Obtaining, by the application server in the visited network, the roaming user's 
user information comprising the user authentication results of the generic authentication 
architecture in the roaming user's home network (page 3, line 15-page 4, line 1 ;page 6, 
lines 1 6-23; page 8, lines 1 3-20; page 1 0, line 9-page 1 1 , line 1 ; figure 2;claim 4); and 
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Establishing a security association with the roaming user ("SA Negotiation", fig. 
3), by the application server in the visited network (see fig. 2), according to the user 
authentication results of the generic authentication architecture in the roaming user's 
home network (see fig. 2-4). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention, namely when the same result is to be achieved (see page 8, lines 27-28 of 
document 3GPP; page 2, lines 9-23 of document Faccin), to apply these features with 
corresponding effect to the method to establish security association according to 
document 3GPP, thereby arriving at a method for a roaming user to establish a security 
association according to claim 1 . The motivation for combing the invention of Faccin 
with that disclosed by 3GPP would be to efficiently negotiate security associations 
establishment between a mobile nodes connected to the wireless terminal and different 
network entities. 

In regards to claim 2, 3GPP discloses the step of obtaining a user's user 
information comprises: the application server in sending a query message to an 
authentication entity in the local network to inquire the user information associated with 
the B-TID ("fetch the required authentication information") (Section 4.4.3); the 
authentication entity which received the message finding out the home network to which 
the user belongs according to the B-TID in the message ("detect the home network"; 
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Section 4.3.7), and acquiring the user information associated with the B-TID from the 
BSF in the roaming user's home network ("user profile"; #2 in Section 4.5.2 & Figure 3), 
and returning the acquired the user information to the application server (direction of 
arrow towards BSF, Fig. 3); the application server in the visited network obtaining the 
user information according to a response message returned from the authentication 
entity (#4 & #5 in Fig. 3). 

3GPP does not disclose that a roaming users' information is obtained while in a 
visiting network or that the application server is in a visiting network. 

Faccin discloses that a roaming user's information is obtained while in a visited 
network (Fig. 2) and that the application server is in a visiting network querying 
information form the home/local network(page 3, line 15-page 4, line 1 ;page 6, lines 16- 
23; page 8, lines 13-20; page 10, line 9-page 11, line 1; claim 4). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention, to include that feature of locating and obtaining subscriber information 
utilizing an application server in a visited network as disclosed by Faccin within the 
technical disclosure document of 3GPP. The motivation for doing so would be allow 
allowed a network to protect itself from user fraud. 
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In regards to claim 3, 3GPP discloses the method wherein the authentication 
entity is a BSF (Fig. 1) or a generic authentication architecture proxy; the step of the 
BSF or the generic authentication architecture proxy in the network acquiring the user 
information associated with the B-TID from the user's home network comprises (Section 
4.3.7) and inquiring about the user information associated with the B-TID (Section 
4.4.3); and obtaining the user information associated with the B-TID from the response 
message returned by the BSF in the roaming user's home network (Section 4.3.7). 

3GPP does not explicitly disclose an example where the BSF or the generic 
authentication architecture proxy in the visited network directly sending a query 
message to the BSF in the roaming user's home network, 

Faccin discloses a security connection between two generic authentication (AAA) 
servers wherein one server is located in home network and the other in visited network 
wherein an application server in the visited network contacts the roaming user's home 
network in order to establish a security association, (page 3, line 15-page 4, line 1 ;page 
6, lines 16-23; page 8, lines 13-20; page 10, line 9-page 11, line 1; figure 2;claim 4). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention, namely when the same result is to be achieved (see page 8, lines 27-28 of 
document 3GPP; page 2, lines 9-23 of document Faccin), to apply these features with 
corresponding effect to the method to establish security association according to 
document 3GPP, thereby arriving at a method for a roaming user to establish a security 
association according to claim 1 . The motivation for doing so would be allow certain 
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users to watch mobile video programming while traveling in a automobile, train or some 
other moving apparatus. 

In regards to claim 4, 3GPP discloses a completed mechanism for operating a 
bootstrapping function with a network. 3GPP further identifies a Generic Authentication 
Architecture (Section 4.3.5) 

3GPP does not further disclose a method wherein the generic authentication 
architecture proxy in the visited network is an independent server, or a server combined 
with an AAA server in the local network, or a server combined with the application 
server in the local network. 

Faccin clearly discloses a method wherein the generic authentication architecture 
proxy in the visited network is a independent server or a AAA server in the local network 
combined with the application server in the local network (page 3, line 15-page 4, line 1; 
page 6, lines 1 6-23; page 8, lines 1 3-20; page 1 0, line 9-page 1 1 , line 1 ; figure 2; claim 
4). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention for the 3GPP to logically include a generic authentication architecture based 
on the use of independent server types or with an AAA server as disclose by Faccin. 
The motivation would be to secure personal user information within a mobile network. 
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In regards to Claim 5, 3GPP discloses a completed mechanism for operating a 
bootstrapping function with a network. 3GPP further identifies a Generic Authentication 
Architecture wherein the Home network sends the subscribers GAA profile information 
needed for security purposes to the BSF (Section 4.3.5). Presumably the Home 
network would send the GAA profile information as needed to a BSF that queries the 
information associated with the B-TID (Section 4.4.3) it in a visiting network. 

However 3GPP does not explicitly disclose an AAA server in the home network. 
Additionally 3GPP does not disclose an AAA server in the visited network. 

Faccin discloses a AAA server in the home network inquiring the a Subscriber Database 
in the in the local network (Fig. 2-4), after the Database in the local network finding the 
user information associated with the ("identifying information", Abstract), it returning a 
response message, with the user information associated with the (identifying 
information ) in it, to the local AAA server, and the AAA server returning a response 
message, with the user information associated with the (identifying information) in it, to 
the AAA server in the visited network; the AAA server in the visited network obtaining 
the user information associated with the (identifying information) from the response 
message returned by the AAA server in the roaming user's home network (page 3, line 
1 5-page 4, line 1 ;page 6, lines 1 6-23; page 8, lines 1 3-20; page 1 0, line 9-page 1 1 , line 
1; figure 2;claim 4). 
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It would have been obvious to one of ordinary skill in the art at the time of the 
invention, namely when the same result is to be achieved (see page 8, lines 27-28 of 
document 3GPP; page 2, lines 9-23 of document Faccin), to apply the features 
disclosed by Faccin as they relate to identifying information/B-TID with corresponding 
effect to the method to establish security association according to document 3GPP, 
thereby arriving at a method for a roaming user to establish a security association 
according to claim 1 . The motivation for doing so would be allow mobile operators to 
operate/provide multiple secured networks multiple different organizations at once. 

In regards to claim 6, 3GPP discloses the method wherein, the step of obtaining 
the roaming user's user information comprises: 

Notification user that the B-TID is an illegal identity ("unauthorized"; Section 
4.5.2, Fig. 3, Section A.2 & Fig. a1), and indicating the user to use a permanent identity 
(integrity key/ck; Section 4.5.2); 

having received the service request message from the user again, with the 
permanent identity (Integrity Key) carried in the message, 

the BSF in the home network carrying out mutual authentication with the user via 
the (un-described GAA Mechanism; Section 4.3.5), the BSF in the home network 
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directly returning a successful authentication message carrying the user information to 
the AAA server (un-described GAA Mechanism; Section 4.3.5) in the local network 
(Section 4.5.2 in Figure 3), 

3GPP does not specifically disclose a user roaming in a visited network nor does 
3GPP disclose the exact specifications of the Generic Authentication Architecture 
disclose in (Section 4.3.5). Therefore 3GPP does not explicitly site the use of AAA 
server mechanisms in authenticating users after the application server in the visited 
network obtains a users information (Section 4.4.3). 

However Faccin discloses the application server (Agent, Fig. 3) in the visited 
network notifying the roaming user with a integrity key/Long term ki (Fig. 3 & Page 9, 
lines 1 1-20) for identity determination (Fig. 3). The application server in the visited 
network sending an authentication request to a AAA server in the local network; 

the AAA server in the visited network finding out the user's home network according to 
the user's permanent identity, and sending another authentication request to the AAA 
server in the roaming user's home network (page 3, line 15-page 4, line 1; page 6, lines 
1 6-23; page 8, lines 1 3-20; page 1 0, line 9-page 1 1 , line 1 ; figure 2; claim 4). 

Having received the authentication request from the AAA server in the visited network, 
the AAA server in the home network sending a request to the BSF in the local network 
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for authentication of the user (page 3, line 15-page 4, line 1; page 6, lines 16-23; page 
8, lines 1 3-20; page 1 0, line 9-page 1 1 , line 1 ; figure 2; claim 4); 

The application server in the visited network sending an authentication request to a AAA 
server in the local network ("Home Network", Fig. 2); the AAA server in the visited 
network finding out the user's home network according to the user's permanent identity 
("integrity key/long term ki"; Fig. 3 & Page 9, lines 1 1-20), and sending another 
authentication request (CK(RAND2); Fig. 3) to the AAA server in the roaming user's 
home network (page 3, line 15-page 4, line 1 page 6, lines 16-23; page 8, lines 13-20; 
page 1 0, line 9-page 1 1 , line 1 ; figure 2;claim 4); 

The application server (Agent) in the visited network obtaining the roaming user's user 
information from the successful authentication message (Final Results; Fig 3 & 4) 
returned by the AAA server in the local network (page 3, line 15-page 4, line 1 ; page 6, 
lines 1 6-23; page 8, lines 1 3-20; page 1 0, line 9-page 1 1 , line 1 ; figure 2; claim 4). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention, namely when the same result is to be achieved (see page 8, lines 27-28 of 
document 3GPP; page 2, lines 9-23 of document Faccin), to include a authentication 
mechanism including AAA servers in a visiting network to interface with the BSF 
disclosed by 3GPP in the Home network with corresponding effect to establish security 
association according to document 3GPP, thereby arriving at a method for a roaming 
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user to establish a security association according to claim 1 . The motivation for 
combing the invention of Faccin with the technical disclosure 3GPP would be to 
efficiently negotiate security associations establishment between a mobile nodes 
through the use of AAA servers as is a industry standard to insure efficient security 
handshake negotiation. 

In regards to claim 7, 3GPP discloses wherein the user information comprises 
at least: key information and the user's identity ("bind the subscriber identity to the 
keying material"; Section 4.3.7). 

In regards to claim 8, 3GPP discloses wherein the user information also 
comprises the profile information associated with security ("profile information needed 
for security purposes"; Section 4.3.5). 

In regards to claim 9, 3GPP disclose the method wherein the key information is 
a shared key Ks generated (shared key material) in authentication, or a Ks-derived key 
and its valid term (Section 4.2.2, Section 4.3 & Section 4.5.2). 

In regards to claim 10 & 11; 3GPP discloses the method wherein the user 
information comprises at least: key information and the user's identity ("bind the 
subscriber identity to the keying material"; Section 4.3.7). 
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In regards to claim 12 & 13; 3GPP discloses the method wherein the user 
information also comprises the profile information associated with security ("profile 
information needed for security purposes"; Section 4.3.5). 

In regards to claim 14 & 15; 3GPP discloses the method wherein the key 
information is a shared key Ks generated in authentication, or a Ks-derived key and its 
valid term (Section 4.2.2, Section 4.3 & Section 4.5.2). 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to KHALID SHAHEED whose telephone number is 
(571)270-5813. The examiner can normally be reached on Monday-Friday 8am-5pm; 
EST; ALT Friday. If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, V. Paul Harper can be reached on 571-272-7605. The fax 
phone number for the organization where this application or proceeding is assigned is 
571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/VINCENT P. HARPER/ 

Supervisory Patent Examiner, Art Unit 2617 

/ks/ 



